Vulnerability assessment and penetration testing have become very important, especially in the past couple of years. Organizations often have complex networks of assets storing sensitive data, and such assets are exposed to potential threats from the inside as well as from the outside. To get an overview of the security posture of an organization, conducting a vulnerability assessment is an essential step. Performing penetration tests requires a well-planned and methodical approach.
To help you perform various tasks across the phases of the penetration testing lifecycle, there are tons of tools, scripts, and utilities available. Linux distributions such as Kali Linux even provide bundled tools to perform these tasks.
It is natural to get overwhelmed with the number of tools available. However, there are a few tools that are so powerful and flexible that they alone can perform most of the tasks across the phases of the penetration testing lifecycle.
This book will get you started with the fundamentals of three such tools: NMAP, OpenVAS, and Metasploit. Just by using these three tools alone, you will acquire extensive penetration testing capabilities.
By the end of this book, you’ll have a substantial understanding of NMAP, OpenVAS, and Metasploit and will be able to apply your skills in real-world pen testing scenarios.
Table of Contents
About the Author and About the Technical Reviewer
About the Author
is a seasoned information security professional with 11 years of comprehensive experience in the various verticals of information security. His domain expertise is in cybercrime investigations, digital forensics, application security, vulnerability assessment and penetration testing, compliance for mandates and regulations, and IT CRC. He has a master’s degree in computer science and several industry-recognized certifications such as Certified Cyber Crime Investigator, Certified Ethical Hacker, Certified Security Analyst, ISO 27001 Lead Auditor, IBM Certified Specialist – Rational AppScan, Certified Information Security Manager (CISM), and PRINCE2, to name a few. He has been closely associated with Indian law enforcement agencies for more than four years, dealing with digital crime investigations and related trainings for officers, and has received several awards and appreciations from senior officials in police and defense organizations in India. He is the author of several books and articles on information security.
About the Technical Reviewer
is a certified .NET Windows and web developer, specializing in Python, security programming, and PHP; he won Microsoft’s Community Contributor Award in 2011. As a published author, his books include Beginning Ethical Hacking with Python and Beginning Laravel , published by Apress.